-
Notifications
You must be signed in to change notification settings - Fork 40
Using test TSL lists
In testing environment, it is possible to use test TSL lists for validating signatures that have been created with test certificates.
- LOTL (List of Trusted Lists) for testing that points to the national test TSL can be found at https://open-eid.github.io/test-TL/tl-mp-test-EE.xml
- National TL (Trusted List) for testing that contains SK (Estonian CA) test certificates and other data is available at https://open-eid.github.io/test-TL/EE_T.xml. National TL URL is registered in the LOTL, the library derives the URL value automatically from the LOTL.
- Signing certificate for the test LOTL is needed for validating the list's signature, can be downloaded from https://open-eid.github.io/test-TL/trusted-test-tsl.crt
You can specify the LOTL that is used by the library either in the digidoc4j.yaml configuration file or directly via the API.
Set the TSL_LOCATION configuration parameter to refer to the test LOTL location. Since version 5.0.0 the old configuration parameter is deprecated and using LOTL_LOCATION is preferred:
# pre-5.0.0 DigiDoc4J (deprecated since 5.0.0)
TSL_LOCATION: https://open-eid.github.io/test-TL/tl-mp-test-EE.xml
# since DigiDoc4J version 5.0.0
LOTL_LOCATION: https://open-eid.github.io/test-TL/tl-mp-test-EE.xmlConfigure the trust-store that contains the signing certificate for the test LOTL. Since version 5.0.0 the old configuration parameters prefixed with TSL_ are deprecated and using the new parameters prefixed with LOTL_ is preferred:
# pre-5.0.0 DigiDoc4J (deprecated since 5.0.0)
TSL_KEYSTORE_LOCATION: keystore/test-keystore.jks
TSL_KEYSTORE_PASSWORD: digidoc4j-password
# since DigiDoc4J version 5.0.0
LOTL_TRUSTSTORE_PATH: classpath:truststores/test-lotl-truststore.p12
LOTL_TRUSTSTORE_PASSWORD: digidoc4j-password
LOTL_TRUSTSTORE_TYPE: PKCS12Set the test LOTL location via the setTslLocation method of the Configuration class. Since version 5.0.0 the old method is deprecated and using setLotlLocation is preferred:
Configuration configuration = Configuration.of(Configuration.Mode.TEST);
// pre-5.0.0 DigiDoc4J (deprecated since 5.0.0)
configuration.setTslLocation("https://open-eid.github.io/test-TL/tl-mp-test-EE.xml");
// since DigiDoc4J version 5.0.0
configuration.setLotlLocation("https://open-eid.github.io/test-TL/tl-mp-test-EE.xml");Configure the trust-store that contains the signing certificate for the test LOTL. Since version 5.0.0 the old methods prefixed with setTsl are deprecated and using the new methods prefixed with setLotl is preferred:
// pre-5.0.0 DigiDoc4J (deprecated since 5.0.0)
configuration.setTslKeyStoreLocation("keystore/test-keystore.jks");
configuration.setTslKeyStorePassword("digidoc4j-password");
// since DigiDoc4J version 5.0.0
configuration.setLotlTruststorePath("classpath:truststores/test-lotl-truststore.p12");
configuration.setLotlTruststorePassword("digidoc4j-password");
configuration.setLotlTruststoreType("PKCS12");NB: In older versions of DigiDoc4J, only JKS keystores were supported as LOTL truststores. Since DigiDoc4J version 5.0.0, the type of LOTL truststores can be specified explicitly.
Official builds are provided through releases. If you want support, you need to be using official builds. For assistance, contact us by email [email protected]. Additional information can be found in wiki Q&A and on ID.ee portal.
For staying up to date with news impacting services and applications that use the DigiDoc4j library, join DigiDoc4j library newsletter.
Source code is provided on "as is" terms with no warranty (see license for more information). Do not file GitHub issues with generic support requests.